Conflict between Russia and Georgia turns to cyber warfare

Regular readers of the Sophos website will be no strangers to the rumours and accusations that have flown around for years, alleging that countries use the internet to engage in cyber warfare and espionage.

For instance, in September 2007, the Financial Times reported that the Chinese military were being blamed for a cyberattack which targeted a Pentagon computer system serving the office of US defense secretary Robert Gates. The FT reported that the People’s Liberation Army (PLA) had been named as the likely perpetrators of the attempted hack.

Things have recently heated up, however, as anyone who keeps a close eye on the newspapers will know. Nobody can fail to be saddened by the news of how the long-running dispute over the Georgian breakaway region of South Ossetia has escalated into a full-blown conflict involving Russian and Georgian forces.

There are plenty of places where you can read on the net about the latest news coming from the region. However, I thought it might be interesting to document how this modern war has also spilled into internet skirmishes. Although we have not yet seen specific malware or spam campaigns related to this ongoing news story, there is evidence of hackers using the internet to disrupt and deface the websites of the opposing forces.

Here is a timeline of what we have seen so far:

8 August 2008
According to the Russian press, the website of the South Ossetian government was attacked with a distributed denial of service (DDoS) attack. This followed in the hours after Georgian forces fired artillery shells at South Ossetian villages.

Some hacked websites were defaced with images of Georgian president Mikheil Saakashvili and Adolf Hitler.

Other Georgian websites which also suffered hacker attacks included the Ministry of Internal Affairs, the Ministry of Defense, and the website of the Ossetian Government in Exile. In addition, the National Bank of Georgia was defaced and Georgian news portals are also said to have been on the receiving end of DDoS attacks.

11 August 2008
Media reports (in English and Russian) claim that Russian news agency RIA Novosti suffered a denial-of-service attack making it very slow to respond. Other sites are also believed to have been disrupted.

This blog isn’t the place to discuss who is right and wrong in the dispute; all we can hope is that the conflict does not broaden, and that there is a peaceful and swift resolution.

We’ll keep you informed if the current spate of defacements and DDoS attacks spills into a broader internet attack that could affect computer users in other countries.

About the author

Graham Cluley runs his own award-winning computer security blog at https://www.grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley